Error retrieving the current token in a Blazor application after successful authentication in Azure B2C with Msal #39311
Comments
ghost
added
the
Author: Migration Bot 🤖
mkArtakMSFT
added
area-blazor
mkArtakMSFT
added
the
✔️ Resolution: Duplicate
|
Please note, the fix for this issue should be available in the 6.0.2 patch release. |
|
Any estimates on this? |
|
The fix for the underlying @rmencia-isv could you please try this out using the latest installer available at https://github.com/dotnet/installer. Please let us know if you're still having the issue with that, and please provide the exact version of the dotnet sdk being used, along side the exact exception message you're getting. |
|
I have installed the latest versionfrom the url you provided (dotnet-sdk-6.0.200-preview.22068.4-win-x64.exe) and I still get the same error in Blazor wasm client app. Checking the list I have this one installed (6.0.200-preview.22068.4) The error Message: InnerException: |
Ah that's definitely a bit strange. Could you please double check your csproj files to ensure you don't have any hardcoded versions which may be causing this issue? Also, if you could try adding the following to your nuget config: <add key="dotnet6" value="https://dnceng.pkgs.visualstudio.com/public/_packaging/dotnet6/nuget/v3/index.json" />Further details here. |
|
This is what I have in the project file.
|
|
Hey @rmencia-isv, I took a look at the feeds and you're right the 6.0.2 (prerelease) packages aren't up yet. You can either try waiting for the official 6.0.2 release (mid February), or try the 7.0 alpha packages (not sure if they'll be updated yet though). |
|
Thanks Tanay for getting back to me. It's unfortunate that the packages are not uploaded yet, as I've seen a number of issues fixed. |
|
Hi, @TanayParikh , I'm facing the same issue. Unfortunately I cannot wit until mid February. This is definitively not present on the repo you suggested... |
|
Hello @kbeaugrand, to test out the pre-release you can try using the nightly SDK & packages as above, or by using the 7.0 alpha/beta packages. SDK Download: https://github.com/dotnet/installer (ensure you get the 6.0.2 or 7 alpha/beta SDK) Add to your Nuget config: <add key="dotnet6" value="https://dnceng.pkgs.visualstudio.com/public/_packaging/dotnet6/nuget/v3/index.json" />Further details here. |
|
I also am having the exact same issue with B2C and Blazor WASM. |
|
Hi @TanayParikh, Do you have a more precise date for the release of Microsoft.AspNetCore.Components.WebAssembly.Authentication v6.0.2 ? Thank you. |
It was just released earlier today! |
Thank you for your answer. |
To confirm you've updated the SDK/.csproj to utilize the new 6.0.2 packages, correct? What exact error message are you seeing? Can you please provide a minimal, public, github repro which reproduces this issue? |
Hi, Yes I confirm that I updated my package to 6.0.2 (https://github.com/CGI-FR/IoT-Hub-Portal/blob/main/src/AzureIoTHub.Portal/Client/AzureIoTHub.Portal.Client.csproj). You can find a public repos (not minimal) with my configuration here: https://github.com/CGI-FR/IoT-Hub-Portal/. For the code sample, that is relevant, you can find at client Program.cs file the executed configuration: https://github.com/CGI-FR/IoT-Hub-Portal/blob/main/src/AzureIoTHub.Portal/Client/Program.cs. The error message obtained is: |
|
I may be able to reproduce the issue on a minimal project if needed. |
Yes please, that'd be much appreciated! Thanks for the stack trace. I see the underlying error. Re-opening this issue. |
TanayParikh
removed
✔️ Resolution: Duplicate
I'll send you the sample app as soon I've pushed on a public repos. |
|
@kbeaugrand here is a sample that shows how you can customize the JS we provide. It uses MSAL, but the steps are equivalent for OpenID Connect. |
|
Looking at the sample: I presume from the error previously that the AccessToken has null expiry and thus cannot be converted to the DateTimeOffset by the serializer: Maybe it is line 164/165: If the result contains something then it won't make the call on line 166. Not tried debugging it yet, thoughts? |
|
Thanks for contacting us. We're moving this issue to the |
|
If it helps anyone here is how I implemented a work around for this. I needed to get the token to pass it to my API. I added this to the index.html Then commented out the recommended message handler: Then when you use the Httpclient manually add it: Its pretty janky but works for me until they roll out a fix :). |
|
@Spaceman1861, this would add the id_token in the Authorization header, right ? |
|
Perhaps I'm looking at it wrong @kbeaugrand ill walk you through the train of though if you think I have it wrong id love to know:
|
|
Can you print in the discussion, the tokens you have in the session storage (not the values, just the keys) ?
@javiercn, I cannot understand the decision to move the fix to this issue to .NET 7. I have two issues :
These two issues makes the Blazor WebAssembly not usable with an authenticated resource ! |
|
An interesting article. I am indeed using the IdToken for Authentication. {
"credentialType": "IdToken",
"homeAccountId": "SOME VALUE",
"environment": "something.b2clogin.com",
"clientId": "SomeGUIld",
"secret": "JWT GOES HERE",
"realm": ""
}From that article
For reference I have 3 tokens in my session
I assume this is the way i configured the B2C workflow to only return an Id Token. This is adequate for my scenario for the time being. |
|
I finally found what was going wrong. And if I'm right, this might had absolutely never work... On the AuthenticationService, when requesting the AccessToken, it calls the OIDC client to silent sign in. This will request the IdP and expects to have the To fix that I added the token in the arguments to pass to the |
|
Nevermind, I got why getting the access token as part of the login doesn't work in my case... AD B2C doesn't provide the user info endpoint and he oidc client used requires it ;( By changing the settings, I got my flow working (after disabling the loadUserInfo (see: https://github.com/IdentityModel/oidc-client-js/wiki#other-optional-settings) After, that I can have my access token with the id_token. |
|
Guys fix this? |
|
@kbeaugrand Could you provide more details on the workaround, please? |
|
I simply moved the settings to specify the authentication response type to ``code```. e.g: _ = builder.Services.AddOidcAuthentication(options =>
{
....
options.ProviderOptions.ResponseType = "code";
}); |
|
So, using new Blazor project with default B2C configuration is still erroring on the profile page. |
|
We have made improvements to this scenario in .NET 7.0, the changes will be available in RC2. It should be easier to diagnostic when there is an issue in the configuration of the app. |
ghost
locked as resolved and limited conversation to collaborators
This issue has been moved from a ticket on Developer Community.
I have created a Blazor application and I use Msal to do authentication following the examples from Azure B2C.
With my B2C configuration in the server, I can successfully login, I get the User, the claims and I can call the api.
I would need to have access to the token during development to be able to use that token to call my api services directly using swagger. So during Debugging I wanted to print the token on screen to copy and paste.
However, when I try to get the token in the Client after successful login, I get an Exception:
An exception occurred executing JS interop: The JSON value could not be converted to System.DateTimeOffset. Path: $.token.expiresThis is a very confusing exception and doesn't seem to explain the type of error that is occurring. It seems that is not doing any validation during the parsing or pre-parsing. So not sure why this is happening.
More details:
I initialise with this:
I also use a custom AuthorizationMessageHandler to be able to call the api, which works well.
However, when in my code I call the code to retrieve the Token, I get the exception + one unhandled exception:
And additionally there is an unhandled exception:
I have tried in B2C to set the configuration, and I'm able to run the SignIn flow redirecting to jwt.ms passing the token and decoding it.
And I get the token decoded when redirecting directly to jwt.ms:
Original Comments
Feedback Bot on 11/12/2021, 00:15 AM:
We have directed your feedback to the appropriate engineering team for further evaluation. The team will review the feedback and notify you about the next steps.
Original Solutions
(no solutions)
The text was updated successfully, but these errors were encountered: